Date: Wed, 8 Feb 2012 23:51:46 +0000 (UTC) From: Jamie Gritton <jamie@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r231238 - projects/jailconf/usr.sbin/jail Message-ID: <201202082351.q18NpkHd070699@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jamie Date: Wed Feb 8 23:51:46 2012 New Revision: 231238 URL: http://svn.freebsd.org/changeset/base/231238 Log: Improvements in error messages: Some errors printed the jail name for unnamed (command line) jails. Attempting to create an already-existing jail from the command line returned with no error (even for non-root) due to bad logic in start_state. Ignore kvm_proc errors, which are typically caused by permission problems. Instead, stop ignoring permission errors when removing a jail (but continue to silently ignore other errors, i.e. the jail no longer existing). This makes non-root attempts at removing a jail give a clearer error message. Modified: projects/jailconf/usr.sbin/jail/command.c projects/jailconf/usr.sbin/jail/jail.c projects/jailconf/usr.sbin/jail/jailp.h projects/jailconf/usr.sbin/jail/state.c Modified: projects/jailconf/usr.sbin/jail/command.c ============================================================================== --- projects/jailconf/usr.sbin/jail/command.c Wed Feb 8 23:47:22 2012 (r231237) +++ projects/jailconf/usr.sbin/jail/command.c Wed Feb 8 23:51:46 2012 (r231238) @@ -274,7 +274,11 @@ run_command(struct cfjail *j) case IP__OP: if (down) { - (void)jail_remove(j->jid); + if (jail_remove(j->jid) < 0 && errno == EPERM) { + jail_warnx(j, "jail_remove: %s", + strerror(errno)); + return -1; + } if (verbose > 0 || (verbose == 0 && (j->flags & JF_STOP ? note_remove : j->name != NULL))) jail_note(j, "removed\n"); @@ -711,14 +715,14 @@ term_procs(struct cfjail *j) return 0; if (kd == NULL) { - kd = kvm_open(NULL, NULL, NULL, O_RDONLY, "jail"); + kd = kvm_open(NULL, NULL, NULL, O_RDONLY, NULL); if (kd == NULL) - exit(1); + return 0; } ki = kvm_getprocs(kd, KERN_PROC_PROC, 0, &pcnt); if (ki == NULL) - exit(1); + return 0; noted = 0; for (i = 0; i < pcnt; i++) if (ki[i].ki_jid == j->jid && Modified: projects/jailconf/usr.sbin/jail/jail.c ============================================================================== --- projects/jailconf/usr.sbin/jail/jail.c Wed Feb 8 23:47:22 2012 (r231237) +++ projects/jailconf/usr.sbin/jail/jail.c Wed Feb 8 23:51:46 2012 (r231238) @@ -62,6 +62,8 @@ static void clear_persist(struct cfjail static int update_jail(struct cfjail *j); static int rdtun_params(struct cfjail *j, int dofail); static void running_jid(struct cfjail *j, int dflag); +static void jail_quoted_warnx(const struct cfjail *j, const char *name_msg, + const char *noname_msg); static int jailparam_set_note(const struct cfjail *j, struct jailparam *jp, unsigned njp, int flags); static void print_jail(FILE *fp, struct cfjail *j, int oldcl); @@ -317,10 +319,10 @@ main(int argc, char **argv) error = 0; if (op == JF_STOP) { for (i = 0; i < argc; i++) - if (start_state(argv[i], op, Rflag) < 0) + if (start_state(argv[i], docf, op, Rflag) < 0) error = 1; } else { - if (start_state(docf ? argv[0] : NULL, op, 0) < 0) + if (start_state(argv[0], docf, op, 0) < 0) exit(1); } @@ -376,7 +378,8 @@ main(int argc, char **argv) break; case JF_SET_RESTART: if (j->jid < 0) { - warnx("\"%s\" not found", j->name); + jail_quoted_warnx(j, "not found", + "no jail specified"); failed(j); continue; } @@ -396,7 +399,8 @@ main(int argc, char **argv) if (j->comparam == NULL) { if (j->jid > 0 && !(j->flags & (JF_DEPEND | JF_WILD))) { - warnx("\"%s\" already exists", j->name); + jail_quoted_warnx(j, "already exists", + NULL); failed(j); continue; } @@ -420,7 +424,8 @@ main(int argc, char **argv) case JF_SET: if (j->jid < 0 && !(j->flags & JF_DEPEND)) { - warnx("\"%s\" not found", j->name); + jail_quoted_warnx(j, "not found", + "no jail specified"); failed(j); continue; } @@ -444,8 +449,8 @@ main(int argc, char **argv) if (j->jid < 0) { if (!(j->flags & (JF_DEPEND | JF_WILD)) && verbose >= 0) - warnx("\"%s\" not found", - j->name); + jail_quoted_warnx(j, + "not found", NULL); goto jail_remove_done; } j->comparam = stopcommands; @@ -834,6 +839,19 @@ running_jid(struct cfjail *j, int dflag) j->jid = jail_get(jiov, 2, dflag ? JAIL_DYING : 0); } +static void +jail_quoted_warnx(const struct cfjail *j, const char *name_msg, + const char *noname_msg) +{ + const char *pval; + + if ((pval = j->name) || (pval = string_param(j->intparams[KP_JID])) || + (pval = string_param(j->intparams[KP_NAME]))) + warnx("\"%s\" %s", pval, name_msg); + else + warnx("%s", noname_msg); +} + /* * Set jail parameters and possible print them out. */ Modified: projects/jailconf/usr.sbin/jail/jailp.h ============================================================================== --- projects/jailconf/usr.sbin/jail/jailp.h Wed Feb 8 23:47:22 2012 (r231237) +++ projects/jailconf/usr.sbin/jail/jailp.h Wed Feb 8 23:51:46 2012 (r231238) @@ -215,7 +215,8 @@ extern int dep_check(struct cfjail *j); extern void dep_done(struct cfjail *j, unsigned flags); extern void dep_reset(struct cfjail *j); extern struct cfjail *next_jail(void); -extern int start_state(const char *target, unsigned state, int running); +extern int start_state(const char *target, int docf, unsigned state, + int running); extern void requeue(struct cfjail *j, struct cfjails *queue); extern void yyerror(const char *); Modified: projects/jailconf/usr.sbin/jail/state.c ============================================================================== --- projects/jailconf/usr.sbin/jail/state.c Wed Feb 8 23:47:22 2012 (r231237) +++ projects/jailconf/usr.sbin/jail/state.c Wed Feb 8 23:51:46 2012 (r231238) @@ -128,7 +128,7 @@ dep_setup(int docf) /* Look for dependency loops. */ if (deps && (deps > 1 || ldeps)) { - (void)start_state(NULL, 0, 0); + (void)start_state(NULL, 0, 0, 0); while ((j = TAILQ_FIRST(&ready))) { requeue(j, &cfjails); dep_done(j, DF_NOFAIL); @@ -300,20 +300,23 @@ next_jail(void) * Set jails to the proper start state. */ int -start_state(const char *target, unsigned state, int running) +start_state(const char *target, int docf, unsigned state, int running) { struct iovec jiov[6]; struct cfjail *j, *tj; int jid; char namebuf[MAXHOSTNAMELEN]; - if (!target || (!running && !strcmp(target, "*"))) { + if (!target || (!docf && state != JF_STOP) || + (!running && !strcmp(target, "*"))) { /* - * If there's no target specified, set the state on all jails, - * and start with those that have no dependencies. + * For a global wildcard (including no target specified), + * set the state on all jails and start with those that + * have no dependencies. */ TAILQ_FOREACH_SAFE(j, &cfjails, tq, tj) { - j->flags = (j->flags & JF_FAILED) | state | JF_WILD; + j->flags = (j->flags & JF_FAILED) | state | + (docf ? JF_WILD : 0); dep_reset(j); requeue(j, j->ndeps ? &depend : &ready); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201202082351.q18NpkHd070699>